State enforcement agencies are keeping the pressure on businesses, with two new enforcement actions announced this week in California and Texas. Read more here: wiley.law/alert-State-...
#Privacy #StatePrivacy
IAPP’s Global Privacy Summit in DC this week has featured panels with several state regulators charged with enforcing their state’s privacy laws, including regulators from California, Colorado, Connecticut, and Oregon.
wileyconnect.com/5-key-privac...
#GPS25 #StatePrivacy
State Privacy Regulators Announce Formation of Privacy ‘Supergroup’ www.jdsupra.com/legalnews/st... #StatePrivacy
This week in our March Privacy Forecast, we are discussing a significant outlier amongst U.S. state privacy laws: the Maryland Online Data Privacy Act (MODPA), which is set to take effect on October 1, 2025. www.wileyconnect.com/march-privac...
#Cybersecurity #Privacy #StatePrivacy
Other "wiretapping" defenses: Communication not "intercepted in transit" or siteowner/pixel owner is party to communication
Prior, affirmative consent is always a defense, although many companies don't want to start with opt-out/opt-in opportunity.
#privacy #stateprivacy #iab
Some types of defenses in pixel litigation, aside from consent, depending on legal theory:
* "Wiretapping" violation (contents of communication): what is being intercepted (e.g. where people are clicking on page) is not "protected communication"
#privacy #stateprivacy #iab
Panelist: the tools to automatically "crawl" sites looking for pre-consent pixels can give a lot of false positives. Using experts and capturing screens makes the potential claim stronger. #privacy #stateprivacy #iab
Next panel is on "New Trends in Pixel Litigation," which started with a discussion of how a plaintiff with a social media account will go to that account, while an expert will record the tracking pixels that are present prior to any consent being requested or obtained. #privacy #stateprivacy #iab
Very interesting discussion from the data broker panelists about how many invalid (and potentially phishing) "requests to delete" they get from companies which claim to offer that service to consumers. One estimated that 95% are invalid. #privacy #stateprivacy #iab
Interesting insight from #IAB panel: State privacy laws may differ, but AG offices actively collaborate to align enforcement approaches where possible.
#StatePrivacy
Key vendor management lesson from CT: You can delegate responsibilities, but with sensitive data comes the duty to verify protection measures. Monitor your vendors!
#StatePrivacy
CT and NJ's privacy regulators discuss enforcement priorities: Data minimization, partner accountability, and making sure consent for sensitive data is specific - no more blanket terms. #StatePrivacy
Next #IAB State #Privacy Law Summit panel: Understanding the data broker regulatory landscape. Panelists from Equifax, Dentsu, and Magnite. #stateprivacy
The limited resources of an AG's office mean they generally don't take "gray" cases, and don't go for "gotchas," even while they're dedicated to protecting consumers from a #privacy perspective. #stateprivacy #iab
Something a regulator will never say: "I'm going to narrowly apply that consumer protection statute." Question whether a business' creative (and narrow) suggested way to intepret a statute will ever persuade a regulator. If it fits the black letter of the law, maybe. #privacy #stateprivacy #IAB
AG offices look for issues and follow trends with tools like Google Alerts for "data breach," "technology," and "innovation." #privacy #stateprivacy #iab
Yet another reminder that, whether or not a state (or country) has a specific #privacy or #AI -related law, the power to go after unfair and deceptive practices, part of general consumer protection law, allows legal action. #privacy #stateprivacy #iab
The full report, from February 2024, can be found here: portal.ct.gov/ag/press-rel... #privacy #CTDPA #stateprivacy #iab
CT AG person mentions the statutorily required CTDPA enforcement report it issued; it shows the #privacy areas on which the CT AG is focused. She agrees that transparency requirements failures are the "low hanging fruit" for enforcement. #stateprivacy #iab
Important point: the individual states' AG office work together frequently, expanding their scope and their available resources. #privacy #stateprivacy #iab
Back from lunch at the #IAB State #Privacy Law Summit. Panelists from the Cybersecurity/Privacy depts of the Attorney General's offices from NJ (they're hiring!) and Connecticut. (CT brags it was the first dedicated cybersecurity/privacy AG office; NJ brags it's bigger. :) ) #stateprivacy
Reminder about what NY State AG said about consumer disclosures: "Say what you do; do what you say." Failing to do so can be "low hanging fruit" that can lead to consumer protection enforcement for being "deceptive," even absent specific #privacy laws. #stateprivacy #iab
Question whether consumers actually expect that their e-mail addresses will be used for something other than sending e-mails (e.g. matching to demographic data via identifiers). Also, be *very* careful about making absolute statements in disclosures. #stateprivacy #privacy #iab
Discussion about state data minimization and disclosure requirements, and whether consumer expectations are relevant. Panelists believe that consumer expectations for what is reasonably necessary (e.g. registration for free-of-charge content) are relevant. #stateprivacy #privacy #iab
Cross-context behavioral advertising needs careful third-party tracking disclosure. Get ahead by reaching out to vendors now about listing them as third parties. Some may push back - plan accordingly. #AdTech #StatePrivacy
"Start before you need to." Disclosures of third parties are required now by Oregon, and more laws are coming (MN - July 2025, RI - Jan 2026). Don't wait for investigation letters. Begin your work now, especially for third-party tracking disclosure requirements.
#StatePrivacy #IAB
Oregon requires disclosure of 3rd parties in response to data request, with time to respond; Rhode Island will require it in *privacy policy*, making currency and accuracy all the more difficult. #StatePrivacy #Privacy #IAB
Major challenge: states (Oregon, soon Rhode Island) that require business to disclose the specific third parties (not just sell/share/target recipients) to which company is *disclosing* personal info. Issues of knowledge, confidentiality obligations, and practicality. #IAB #stateprivacy #privacy
👋 It’s all blue ocean (sky?) here, Jonathan. #CCPA #GDPR #StatePrivacy and #IAB!
